IETF Logo Mail Archive

Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00

AbdurRashidSangi <rashid.sangi@huawei.com> Wed, 24 February 2016 07:10 UTC

Return-Path: <rashid.sangi@huawei.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4201B46F2 for <6lo@ietfa.amsl.com>; Tue, 23 Feb 2016 23:10:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.207
X-Spam-Level:
X-Spam-Status: No, score=-4.207 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pXaO9h1zOe3x for <6lo@ietfa.amsl.com>; Tue, 23 Feb 2016 23:10:22 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46BF91B46EE for <6lo@ietf.org>; Tue, 23 Feb 2016 23:10:21 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml403-hub.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CEX80170; Wed, 24 Feb 2016 07:10:18 +0000 (GMT)
Received: from LHREML707-CAH.china.huawei.com (10.201.5.199) by lhreml403-hub.china.huawei.com (10.201.5.217) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 24 Feb 2016 07:09:13 +0000
Received: from SZXEMI401-HUB.china.huawei.com (10.82.75.33) by lhreml707-cah.china.huawei.com (10.201.5.199) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 24 Feb 2016 07:09:13 +0000
Received: from SZXEMI505-MBS.china.huawei.com ([169.254.4.26]) by SZXEMI401-HUB.china.huawei.com ([10.82.75.33]) with mapi id 14.03.0235.001; Wed, 24 Feb 2016 15:09:04 +0800
From: AbdurRashidSangi <rashid.sangi@huawei.com>
To: "6lo@ietf.org" <6lo@ietf.org>
Thread-Topic: [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00
Thread-Index: AdFu0WvKEAVS4v/UR2qhLzOUBsxIGgAAEhGAAAAEzYA=
Date: Wed, 24 Feb 2016 07:09:04 +0000
Message-ID: <C3DD54213F5261438F5CE46038658EE34DDD39@SZXEMI505-MBS.china.huawei.com>
References: <C3DD54213F5261438F5CE46038658EE34DDD28@SZXEMI505-MBS.china.huawei.com>
In-Reply-To: <C3DD54213F5261438F5CE46038658EE34DDD28@SZXEMI505-MBS.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.151.40]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090202.56CD575B.0072, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.26, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: b9746fd4012ea07ab2540a9b2a992262
Archived-At: <http://mailarchive.ietf.org/arch/msg/6lo/P7ImV5myzeqLI3dZtvXNvCmdTHM>
Cc: Kerry Lynn <kerlyn@ieee.org>
Subject: Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2016 07:10:25 -0000

Dear all,

Suppose if a particular use case requires more frequently the arbitrary use of randomly generated IIDs then enormous amount of DAD cycle would be created.

Although, MAC driven IIDs (RFC2464, RFC2467, RFC2470, RFC2491, RFC2492, RFC2497, RFC2590, RFC3146, RFC3572, RFC4338, RFC4391, RFC5121 and RFC5072) needs less or no amount of DAD but in practice such IID generation is discouraged "draft-ietf-6man-default-iids-09 AND I-D.ietf-6man-ipv6-address-generation-privacy" as the privacy concerns (Network activity correlation, Location tracking, Address scanning and Device-specific vulnerability exploitation) still persist. More preferred approach is to use RFC7217 for same purpose. 

Unlike for DAD the 6LBR, providing the status (= 1) and needs the LN to regenerate an IID which ultimately require another DAD cycle, 6LBR (according to RFC7217) suggest a unique IID for LNs using its own (6LBR) secret key?

Wouldn't it be a better approach?

Cheers,
Rashid Sangi.

> 
> Greetings,
> 
> To begin finalizing the Security Considerations section of draft-ietf-
> 6lo- 6lobac, i thought it would be useful to re-read and offer my
> review of draft-ietf-6lo-privacy-considerations-00.
> 
> First, some general comments:
> 
> - I find the document clear and understandable, as per Dave's usual.
> 
> - As this document pertains to constrained devices, I think some of the
> concerns expressed in other fora (e.g. leaking link-local address in
> email headers) don't apply here.
> 
> - I think it would be helpful to clearly divide the document according
> to threats posed by off-link vs on-link adversaries.  In the off-link
> case, we are dealing only with routable addresses and information that
> is at L3 or higher.  This class of threats applies to all hosts,
> including 6lo.
> Using a random 60+ bit IID (per prefix?) will mitigate all threats
> discussed in draft-ietf-6man-ipv6-address-generation-privacy except
> correlation of activity over time.
> 
> In the on-link case, are we only concerned with threats that apply to
> (wireless) data links that are susceptible to eavesdropping, or must we
> also be concerned with intruders in the wiring closet?  In any event,
> this class of threats would seem to exclude address scanning (which is
> trivial if an attacker has access to the local link traffic).
> 
> - If address scanning is eliminated as a concern (as in cases where it
> cannot be prevented), then arguments about "enough entropy" do not
> apply and locally assigned short addresses have their rightful place in
> forming link-local IIDs.  The side effect of this is to enable
> maximally efficient RFC 6282 compression for link-local traffic.
> 
> - Concerns about correlation over time may not apply to certain classes
> of devices (fixed servers) or applications (e.g. building automation,
> where associating link-layer address with location is a feature, not a
> bug).  In some cases, it may simply be impractical to change link-layer
> address on a frequent basis (e.g. it is common in the case of MS/TP
> nodes to set the L2 address via DIP switches).
> 
> - It has been suggested that ND might be eliminated in some cases to
> further increase bandwidth efficiency.  (For example, in cases where a
> locally-assigned short identifier has been assigned at L2 and is then
> used to form an IID, ND is redundant.)  AFAIK, there hasn't been any
> discussion about how to tell the difference between L2-derived and
> "random" IIDs.  We might identify L2-derived IIDs as those containing
> the 0xFFFE pattern in the middle, or not having the 0xFFFE pattern but
> having the U/L bit = 0 in the IID.  This would exclude these patterns
> from valid privacy IIDs and result in a maximum entropy of ~63 bits.
> 
> 
> Now on to specifics:
> 
> - In section 2, I think the analysis pertains to the lifetime of a
> given
> 
> link so the wording "average lifetime of a device" should instead be
> 
> "average lifetime of a link".
> 
> It is worth noting that CoAP servers do not have a "stealth mode".
> According to [RFC7252] a CoAP server MUST respond to an empty
> Confirmable message with a Reset message.
> 
> - In section 3, MS/TP has 7 or 64 bits (since L2 addresses must be in
> the range 0 - 127).
> 
> - Section 3.1 seems to alternately switch between discussing link-layer
> addresses and IIDs formed from those addresses.  Perhaps consistent use
> of "link identifier" and "interface identifier" would help disambiguate
> the meaning.
> 
> EUI-64 and EUI-48 are well-defined terms (trademarked in fact, and this
> should be noted in the document).  An EUI-64 may have 40, 36, or
> 28 bits of entropy, while an EUI-48 may have 24, 20, or 12 bits, none
> of which meet the standard of "at least 46 bits".  I'm not sure it's
> accurate to use "randomized IEEE identifiers", unless this refers to
> locally-assigned MAC addresses with the U/L bit = 1, in which case we
> might want to reference an appropriate IEEE 802 or ISO standard.
> 
> - In Section 4, first bullet, it should be enough to indicate that
> privacy IIDs are RECOMMENDED for routable addresses.  (Is there a case
> where a privacy IID is less than ~63 bits of entropy?)  This section
> should also discuss options for providing privacy IIDs via DHCPv6
> (M=1 in RA).
> 
> Second bullet - as I've indicated above, there's no such thing as a
> "random" EUI-64 or EUI-48.  We can probably use "randomized MAC
> addresses".  I need to go back and re-read [RFC7136] to see if it makes
> sense to specify U/L bit in this context.
> 
> Third bullet - this advice should not apply to link-local IIDs.  Any
> 
> attacker wishing to find "hits" just needs to fire up a sniffer.
> 
> Fourth bullet - this advice should not apply to link-local IIDs for
> devices or applications where correlation of activities over time is
> not a concern.
> 
> HTH, Kerry
>

v2.23.0 | Report a Bug | By Email